Slashdot Mirror


Adobe Patches Flash Zero-Day Exploited By Magnitude Exploit Kit (securityweek.com)

wiredmikey writes: Adobe released a Flash Player update on Thursday night to patch a zero-day vulnerability that has been leveraged by cybercriminals to deliver malware via the Magnitude exploit kit. The vulnerability [CVE-2016-1019], a memory corruption that can be exploited for remote code execution, was discovered after, on April 2, security researcher Kafeine of Proofpoint noticed a change in the Magnitude exploit kit. The sample was then investigated by FireEye, which determined that Magnitude EK had been exploiting a previously unknown vulnerability in Flash Player. "Despite the fact that this new exploit could potentially work on any version of Adobe Flash, including a fully patched instance of Flash, the threat actors implemented it in a manner that only targeted older versions of Flash. In other words, equipped with a weapon that could pierce even the latest armor, they only used it against old armor, and in doing so exposed to security researchers a previously unreported vulnerability," Proofpoint said in a blog post.

1 of 69 comments

  1. Re: You were warned by Anonymous Coward · Score: 2, Informative

    Bingo. I installed Windows 8 shortly after it came out and I purposely avoided installing Java because I knew there were huge security issues with it. That meant giving up VisualRoute, but I lived with it. As I live in China, I sometimes rely on using a proxy server to access parts of the internet I enjoy (facebook, youtube, mamedev). Previously I was using a free service called SoftEther VPN. It worked, rarely, but it was often very slow. A worker showed me a paid service called Lightning VPN. It was awesome. Very fast and reliable. Connected every time. So, I use it now too, but it requires Java. So, I bit the bullet and installed Java. So, you want people to quit using Java and Flash? Well, some of us want to, but don't have the luxury of making those choices.